Skip to content

Bump Aspose.PDF, PdfPig and System.Text.Json #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump Aspose.PDF, PdfPig and System.Text.Json #582

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 19, 2025

Pinned Aspose.PDF at 25.9.0.

Pinned PdfPig at 0.1.11.

Release notes

Sourced from PdfPig's releases.

0.1.11

Welcome to version 0.1.11. The changes in this version have mainly focused on stability. There is a breaking API change.

We have also started to run tests against a larger corpus of documents from Common Crawl allowing us to find bugs and malformed files proactively. This release is screened against 6000 additional files.

  • Improvements to content and font parsing detected by fuzzing inputs.
  • Improvements and resiliency for finding the startxref location when parsing a file..
  • Adds build and tests for Mac OS as well as retrieving system fonts on iPad (Mac Catalyst).
  • Support clipping when rendering XObjects.
  • Prevent malformed files leading to an out-of-memory when decompressing streams.
  • Make IGraphicsStateOperationFactory and ReflectionGraphicsStateOperationFactory public.
  • Softmask support for images.
  • Performance improvements using Span and ReadOnlyMemory where available.
  • Handle corrupt files where the stream contains comment tokens.
  • Improvements to copying from existing files when using PdfDocumentBuilder, fixes some bugs with copying fonts and dictionary tokens referenced indirectly.
  • Handle corrupt files with double endstream definitions.
  • More tolerant parsing for a number of invalid PDFs, including invalid USC2 input, CMAP formats, CFF fonts, missing font subtypes, invalid xref table positions, missing /FirstChar entry for font dictionaries and corrupt ASCII 85 encoded data.
  • Fix an issue where adding content to an existing PDF using PdfDocumentBuilder could result in upside-down or wrongly positioned text due to global transforms in the source PDF.
  • New option to completely skip annotations when building a document.
  • Prevent infinite loops in certain documents #​1096.
  • Improved performance when tokenizing numbers, this should provide a minor speed improvement.
  • When adding a page from an existing PDF to a PdfDocumentBuilder any external link annotations should be preserved.

Breaking changes

The method on PdfDocumentBuilder:

public PdfPageBuilder AddPage(PdfDocument document, int pageNumber, Func<PdfAction, PdfAction?>? copyLink)

Has been changed to wrap the copyLink parameter in an options object to support the KeepAnnotations option:

public PdfPageBuilder AddPage(PdfDocument document, int pageNumber, AddPageOptions options)

You can just set the CopyLinkFunc property in the options object if you need to access this functionality.

Auto generated change log

0.1.10

What's Changed

New Contributors

Commits viewable in compare view.

Updated System.Text.Json from 9.0.5 to 9.0.9.

Release notes

Sourced from System.Text.Json's releases.

9.0.9

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.8...v9.0.9

9.0.8

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.7...v9.0.8

9.0.7

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Read messages from binlog if process output is missing build finished message (#​114676)
    Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.

  • Fix debugger app hangs related to thread exit (#​114917)
    Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.

  • [Mono] Workaround MSVC miscompiling sgen_clz (#​114903)
    Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.

  • Do not set the salt or info if they are NULL for OpenSSL HKDF (#​114877)
    Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.

  • [Test Only] Fix Idn tests (#​115032)
    Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.

  • JIT: revised fix for fp division issue in profile synthesis (#​115026)
    Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115361)
    Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.

  • [Mono] Fix c11 ARM64 atomics to issue full memory barrier (#​115635)
    Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.

Performance Improvements

  • [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#​114678)
    Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.

  • Improve distribute_free_regions (#​115167)
    Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114905)
    Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​114995)
    Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.

  • Add support for more libicu versions (#​115376)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Run outerloop pipeline only for release branches, not staging/preview (#​115011)
    Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.

... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump Aspose.PDF, PdfPig and System.Text.Json
e2ab66c 
Bumps Aspose.PDF from 25.1.0 to 25.9.0
Bumps PdfPig from 0.1.9 to 0.1.11
Bumps System.Text.Json from 9.0.5 to 9.0.9

---
updated-dependencies:
- dependency-name: Aspose.PDF
  dependency-version: 25.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: Aspose.PDF
  dependency-version: 25.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: PdfPig
  dependency-version: 0.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: PdfPig
  dependency-version: 0.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: System.Text.Json
  dependency-version: 9.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Sep 19, 2025
@github-actions github-actions bot enabled auto-merge September 19, 2025 21:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants